Re: email forwarding

From: Radoslav Dejanović (radoslav.dejanovic@zagreb.hr)
Date: 06/28/02


From: Radoslav Dejanović <radoslav.dejanovic@zagreb.hr>
To: "Marcus James" <marcus01@post.com>, security-basics@securityfocus.com
Date: Fri, 28 Jun 2002 09:01:45 +0200

On Thursday 27 June 2002 00:44, Marcus James wrote:
> What I am trying to determine is what the best practices are in this
> regard. My gut-feel says that this is not a good idea since email is
> "inherently insecure" and may be intercepted and so on and so forth. But
> on the other hand is this such a big deal? I'm not sure.

You should be aware of just one fact: if something happens to the e-mail
sent to the outside world, it definitely isn't your problem. Sending
sensitive data out is, and will always be, insecure. What you can do is
(if you want to, of course) to propose some other method for users who are
out of the office to read their e-mail. Using Remote Access Server for
them to dial in to the company is quite nice, relatively easy to set up
and much more secure than forwarding e-mails to some insecure server out
in the wilderness.

> A second question: Would forcing users to use a web interface to access
> their email instead be "more secure"?

??? What is the network topology? Do they have to use remote service when
they're out of office, do they have a LAN, do they have to dial out to the
Internet to get some mail (for some unknown reason) or what?

If you're talking about people in offices, they can use any e-mail reader
they want (though, I'd prefer preventing them from using Outlook/OE)...
If they're outside, I'd recommend making RAS for them to dial in, or
exposing one dedicated server in DMZ as Webmail service (with
encryption, of course), so users don't have to forward their e-mail to
untrusted servers.

-- 
Radoslav Dejanovic
Senior Associate to Mayor's Office
City of Zagreb, Croatia


